using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace AuthZ.RoleBased.Controllers;

/// <summary>
/// 授权验证演示
/// </summary>
[ApiController]
[Route("api/[controller]/[action]")]
public class PrivilegeController : ControllerBase
{
    /// <summary>
    /// 【匿名】可以访问
    /// </summary>
    [HttpGet]
    [AllowAnonymous]
    [ActionName("any")]
    public IActionResult Anonymous()
    {
        return Ok("访问成功");
    }

    /// <summary>
    /// 仅【Admin】可以访问
    /// </summary>
    [HttpGet]
    [Authorize(Roles = "admin")]
    [ActionName("only")]
    public IActionResult Admin()
    {
        return Ok($"{User.FindFirst(ClaimTypes.Name)!.Value} - 访问成功");
    }

    /// <summary>
    /// 【developer】或【tester】可以访问
    /// </summary>
    [HttpGet]
    [Authorize(Roles = "developer,tester")]
    [ActionName("or")]
    public IActionResult DeveloperOrTester()
    {
        return Ok($"{User.FindFirst(ClaimTypes.Name)!.Value} - 访问成功");
    }

    /// <summary>
    /// 【developer】且【tester】可以访问
    /// </summary>
    [HttpGet]
    [Authorize(Roles = "developer")]
    [Authorize(Roles = "tester")]
    [ActionName("and")]
    public IActionResult DeveloperAndTester()
    {
        return Ok($"{User.FindFirst(ClaimTypes.Name)!.Value} - 访问成功");
    }
}